A vulnerability in io_uring allowed an unprivileged user to become root, even inside containers

Details of a vulnerability (CVE-2022-29582) in the implementation of io_uring, the asynchronous I/O interface included in the Linux kernel since version 5.1, were recently disclosed. It allows an unprivileged user to become root on the system, even when the exploit is run from inside a container.

It is worth mentioning that the vulnerability was reported a little over three months ago (around the beginning of May this year), but the full details and the public write-up have only just been released.

As for the flaw itself, it is a use-after-free: it is triggered by accessing a block of memory that has already been released, and it manifests in Linux kernels from the 5.10 branch onwards.

About the CVE-2022-29582 vulnerability

The vulnerability allows freed memory to be accessed as the result of a race condition in the handling of timeouts in the io_flush_timeouts() function, which removes the timeout entry from the list and cancels it without checking whether the timeout was created and deleted in the meantime. The researchers' write-up summarises the interface and the exploitation constraints as follows.

A general, up-to-date description of io_uring has already been provided by others. They explain it a thousand times better than we do, so we will only cover the bare minimum here (see this Grapl Security article and this Flatt Security article for a good introduction).

Most importantly, the opcode field determines which type of operation is to be performed. For each opcode that requires one, the fd field specifies the file descriptor on which the requested I/O is to be performed. Almost all of the common I/O system calls (read, sendto, etc.) have an equivalent asynchronous opcode. Each field can take on different roles depending on the operation.

Once taken from the SQ, an SQE is converted into an internal representation described by struct io_kiocb (kernel input/output callback). These objects are commonly known as requests.

struct io_kiocb is used as a "ready-for-launch" equivalent of the SQE it is based on, where any file descriptor is resolved to a struct file*, the user's credentials are attached, the personality (which cores to run on) is set, etc.

After the requested operation has completed, an entry corresponding to the SQE is written to the completion queue (CQ). Such an entry is called a completion queue entry (CQE) and contains fields such as an error code and a result value. The userspace application can poll the CQ for new entries to determine whether the submitted SQEs have finished being processed and what their result was.
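The SQE to CQE cycle described above, as an added example that is not part of the original article or of the researchers' exploit: a userspace program that talks to io_uring through the raw io_uring_setup() and io_uring_enter() system calls (no liburing), submits a NOP, a READ on a pipe and a READ on an invalid descriptor, and reads the three CQEs back, pairing them with their SQEs by user_data. The ring size, the pipe contents ("hello") and the user_data values 1 to 3 are constructed for the demo, and run_demo, ring_init, sqe_prep and RING_UNAVAILABLE are this example's own names. It assumes a kernel with IORING_OP_READ (5.6 or later) and that io_uring_setup() is allowed: seccomp profiles and the io_uring_disabled sysctl can refuse it, in which case run_demo() returns RING_UNAVAILABLE instead of failing.

```c
/* Raw io_uring round trip without liburing: create a ring, submit a NOP, a READ
 * from a pipe and a READ on an invalid fd, then reap the three CQEs. Added
 * example for this article (not the post's or the researchers' code); assumes
 * Linux >= 5.6 and that io_uring_setup() is allowed (seccomp may refuse it). */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/io_uring.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#define RING_UNAVAILABLE 2              /* io_uring_setup() was refused */
#define U32_AT(base, off) ((unsigned *)((char *)(base) + (off)))
#define RING_MMAP(fd, len, off) \
    mmap(NULL, (len), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, (fd), (off))

struct ring {
    int fd;
    void *sq_ring, *cq_ring;            /* mmap()ed heads, tails, index array */
    size_t sq_len, cq_len, sqes_len;
    struct io_uring_sqe *sqes;          /* submission entries */
    struct io_uring_cqe *cqes;          /* completion entries */
    unsigned *sq_tail, *sq_mask, *sq_array, *cq_head, *cq_tail, *cq_mask;
};
struct demo_result { int nop_res, read_res, badfd_res; char buf[16]; };

static int ring_init(struct ring *r, unsigned entries)
{
    struct io_uring_params p = {0};     /* kernel fills in sizes and offsets */
    memset(r, 0, sizeof *r);
    r->fd = (int)syscall(__NR_io_uring_setup, entries, &p);
    if (r->fd < 0) return RING_UNAVAILABLE;
    r->sq_len = p.sq_off.array + p.sq_entries * sizeof(unsigned);
    r->cq_len = p.cq_off.cqes + p.cq_entries * sizeof(struct io_uring_cqe);
    r->sqes_len = p.sq_entries * sizeof(struct io_uring_sqe);
    r->sq_ring = RING_MMAP(r->fd, r->sq_len, IORING_OFF_SQ_RING);
    r->cq_ring = RING_MMAP(r->fd, r->cq_len, IORING_OFF_CQ_RING);
    r->sqes = RING_MMAP(r->fd, r->sqes_len, IORING_OFF_SQES);
    if (r->sq_ring == MAP_FAILED || r->cq_ring == MAP_FAILED || r->sqes == MAP_FAILED)
        return -errno;
    r->sq_tail = U32_AT(r->sq_ring, p.sq_off.tail); r->sq_mask = U32_AT(r->sq_ring, p.sq_off.ring_mask);
    r->sq_array = U32_AT(r->sq_ring, p.sq_off.array); r->cq_head = U32_AT(r->cq_ring, p.cq_off.head);
    r->cq_tail = U32_AT(r->cq_ring, p.cq_off.tail); r->cq_mask = U32_AT(r->cq_ring, p.cq_off.ring_mask);
    r->cqes = (struct io_uring_cqe *)((char *)r->cq_ring + p.cq_off.cqes);
    return 0;
}

/* Fill one SQE: opcode selects the operation, fd/addr/len are its operands and
 * user_data is echoed back in the matching CQE so completions can be paired. */
static void sqe_prep(struct io_uring_sqe *sqe, unsigned char opcode, int fd,
                     void *addr, unsigned len, unsigned long long user_data)
{
    memset(sqe, 0, sizeof *sqe);
    sqe->opcode = opcode; sqe->fd = fd; sqe->addr = (unsigned long)addr;
    sqe->len = len; sqe->user_data = user_data;
}

/* Claim the next SQ slot; sq_array maps ring slot -> index into the SQE array. */
static struct io_uring_sqe *ring_next_sqe(struct ring *r, unsigned *tail)
{
    unsigned idx = (*tail)++ & *r->sq_mask;
    r->sq_array[idx] = idx;
    return &r->sqes[idx];
}

/* Returns 0 and fills *out, RING_UNAVAILABLE if no ring could be created, or
 * -errno on an unexpected failure. */
int run_demo(struct demo_result *out)
{
    struct ring r;
    int pipefd[2], rc = ring_init(&r, 4);
    unsigned tail, head, n;
    memset(out, 0, sizeof *out);
    if (rc) return rc;
    if (pipe(pipefd) < 0 || write(pipefd[1], "hello", 5) != 5) return -errno;
    tail = *r.sq_tail;                  /* single submitter, nothing in flight */
    sqe_prep(ring_next_sqe(&r, &tail), IORING_OP_NOP, -1, NULL, 0, 1);
    sqe_prep(ring_next_sqe(&r, &tail), IORING_OP_READ, pipefd[0], out->buf,
             sizeof out->buf - 1, 2);
    sqe_prep(ring_next_sqe(&r, &tail), IORING_OP_READ, -1, NULL, 0, 3);
    __atomic_store_n(r.sq_tail, tail, __ATOMIC_RELEASE);   /* publish to kernel */
    /* Hand 3 SQEs to the kernel and block until 3 CQEs have been posted. */
    if (syscall(__NR_io_uring_enter, r.fd, 3, 3, IORING_ENTER_GETEVENTS, NULL, 0) < 0)
        return -errno;
    head = *r.cq_head;
    for (n = 0; n < 3 && head != __atomic_load_n(r.cq_tail, __ATOMIC_ACQUIRE); n++, head++) {
        struct io_uring_cqe *cqe = &r.cqes[head & *r.cq_mask];
        int *slot = cqe->user_data == 1 ? &out->nop_res :
                    cqe->user_data == 2 ? &out->read_res : &out->badfd_res;
        *slot = cqe->res;               /* operation's return value, or -errno */
    }
    __atomic_store_n(r.cq_head, head, __ATOMIC_RELEASE);   /* hand slots back */
    munmap(r.sq_ring, r.sq_len); munmap(r.cq_ring, r.cq_len); munmap(r.sqes, r.sqes_len);
    close(r.fd); close(pipefd[0]); close(pipefd[1]);
    return n == 3 ? 0 : -EAGAIN;
}
```

Drive it from a main() that calls run_demo() and prints the three res fields. On a successful run the NOP completes with res 0, the pipe read with res 5 and "hello" in buf, and the read on fd -1 with res -EBADF. Note where that last error surfaces: io_uring_enter() itself still returns success, and the failure is reported per request in the CQE's res field, which is the "error code" the text refers to; an application that only checks the syscall return value never sees it.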

That said, there are some cases in which it is easy to replace an object while it is in flight. But there are two constraints:

  • LT' must be allocated and initialised within the race window. That is, after LT has been freed but before the point at which the now-unreachable LT is accessed.
  • LT' can be another struct io_kiocb object. Because of heap isolation, where heap objects are separated by type, it is very difficult to reallocate it as a different type of object within the race window.

The researchers have prepared a working exploit that does not need user namespaces to be available in order to work, and that can give root access on the host when it is launched by an unprivileged user inside an isolated container.

Our exploit targets kernel version 5.10.90, the version Google was running remotely at the time. We had to tune our exploit to the specifics of the server (4 Skylake Xeon cores @ 2.80GHz, 16GiB RAM), but with some tweaking, any machine running a vulnerable kernel should be exploitable.

The exploit also works in an nsjail environment isolated on Google's COS (Container Optimized OS) distribution, which is based on Chromium OS and is used on Google Cloud Platform for Compute Engine virtual machines. The exploit is designed to work with kernel branches from 5.10 to 5.12. Finally, it is worth mentioning that the problem was fixed in April in the 5.10.111, 5.15.34 and 5.17.3 updates.

If you would like to know more about the vulnerability, you can consult the original publication at the following link.

